Salesforce vs. Microsoft: Dueling single sign-ons

Salesforce Identity adds credentialing and single sign-on to the CRM giant's portfolio of services -- and competes directly with Microsoft's Azure-based identity offerings

Diversify or die -- that's the lesson of the era for most any service-oriented company. If you don't want to get plowed under, you'd better find out where else you can go from here.

Salesforce is hardly in danger of getting plowed under, but it isn't waiting around for the plow to arrive either. Today the company added to its product portfolio Salesforce Identity, which it bills as "Identity for the Connected World." Salesforce Identity promises to allow both customers of and employees within a Salesforce-powered company to use any of a number of common identity platforms for "any app, on any device." It also puts Salesforce that much more in competition with Microsoft's Windows Azure-based identity offerings -- or maybe it's the other way around.

Salesforce Identity is Salesforce's proffered solution to what it calls the "identity silo" problem, where users and customers alike are stuck navigating multiple identity frameworks. Enterprise users can't use their Active Directory sign-ons to work with their cache of Google apps, and customers would rather use an existing identity service -- one they might well already be logged in with -- than create entirely new accounts for each app.

Salesforce Identity intends to solve these problems with a ready-made solution -- one, most important, that's not just for Salesforce customers. Aside from being able to sign into Salesforce and all apps built with the platform via a whole mix of credentials, many common open identity standards are also supported (SAML, OAuth, OpenID Connect, SCIM), and enterprises can also set up their own branded log-in portals for their customers.

What's striking is how Salesforce isn't going to restrict this to just its own clients. Salesforce's plan is to allow free use of Identity for existing Salesforce Enterprise and Unlimited customers, and to charge $5 per user per month for access to the service by everyone not using Salesforce. Another $1 per user per month is charged to add the connector for existing identity directories such as Active Directory, though.

If any of this sounds like a distant cousin to the ways Microsoft is preparing to provide identity-management services of its own through Windows Azure, you're spot-on. Microsoft's current plan is to offer Active Directory in the cloud and charge $2 per user per month for the privilege of using it. Single sign-on to a slew of SaaS apps, including (oh, irony!) Salesforce, is also part of that deal.

[Update: Microsoft has informed me that "Microsoft is charging $2/user/month for Multi-factor Authentication. All other identity and access management features that Windows Azure Active Directory currently offers are free."]

Clearly, existing Salesforce customers with Active Directory already on premises now have a choice, with their existing Salesforce account providing them with a potentially broader, more powerful set of tools. This isn't to say Microsoft should be counted out, but given how there's arguably a far larger base of Salesforce users than Azure users, Salesforce Identity might well prove to be the far more immediately useful and powerful of the two offerings.

This story, "Salesforce vs. Microsoft: Dueling single sign-ons," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.